Ars Technica reports that Kaspersky Labs have released further details tying the NSA to a group of expert hackers dubbed "Equation Group".
The Kaspersky researchers once again stopped short of saying the hacking collective they dubbed Equation Group was the handiwork of the NSA, saying only that the operation had to have been sponsored by a nation-state with nearly unlimited resources to dedicate to the project. Still, they heaped new findings on top of a mountain of existing evidence that already strongly implicated the spy agency. The strongest new tie to the NSA was the string "BACKSNARF_AB25" discovered only a few days ago embedded in a newly found sample of the Equation Group espionage platform dubbed "EquationDrug." "BACKSNARF," according to page 19 of this undated NSA presentation [PDF], was the name of a project tied to the NSA's Tailored Access Operations.
Similarities have been noted between the procedures and capabilities of Equation Group and those detailed in Edward Snowden's disclosures concerning the NSA, most notably the ability to interdict hardware and software during shipping and replace them with duplicates infected with highly sophisticated malware. The article also points to timestamp analysis that indicates the authors of the captured malware worked regular office hours: 8-5, Monday-Friday in the UTC-3 and UTC-4 time-zones. The Kaspersky report discounted intentional manipulation of these timestamps and suggests that Equation Group are located in the eastern United States.
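The kind of timestamp analysis mentioned above can be sketched as follows. This is an added example, not Kaspersky's code or method: it scores each candidate UTC offset by the share of compile timestamps that land in Monday-Friday office hours, and the sample timestamps and function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

def office_hours_share(epochs, utc_offset_hours, start=8, end=17):
    """Fraction of timestamps that fall Mon-Fri, start <= hour < end, at this offset."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    hits = 0
    for ts in epochs:
        local = datetime.fromtimestamp(ts, tz)
        if local.weekday() < 5 and start <= local.hour < end:
            hits += 1
    return hits / len(epochs)

def rank_offsets(epochs, offsets=range(-12, 15)):
    """Return (share, offset) pairs, best-fitting offset first."""
    scores = [(office_hours_share(epochs, off), off) for off in offsets]
    return sorted(scores, key=lambda s: (-s[0], s[1]))

def constructed_sample():
    """Constructed data: two working weeks of builds by a team at UTC-4,
    plus two out-of-hours builds as noise."""
    tz = timezone(timedelta(hours=-4))
    monday = datetime(2010, 3, 1, tzinfo=tz)  # 2010-03-01 was a Monday
    epochs = []
    for day in range(14):
        d = monday + timedelta(days=day)
        if d.weekday() >= 5:
            continue  # no regular builds at the weekend
        for hour in (8, 10, 11, 13, 14, 16):
            epochs.append(int(d.replace(hour=hour, minute=30).timestamp()))
    # Noise: one late-evening weekday build and one Saturday-night build.
    epochs.append(int((monday + timedelta(days=2, hours=19, minutes=40)).timestamp()))
    epochs.append(int((monday + timedelta(days=5, hours=22, minutes=15)).timestamp()))
    return epochs

if __name__ == "__main__":
    for share, off in rank_offsets(constructed_sample())[:3]:
        print(f"UTC{off:+d}: {share:.0%} of builds in office hours")
```

A result like this is only as trustworthy as the timestamps themselves, which the builder of a binary can set to any value; the report summarised above discounted that possibility for these samples.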
(Score: 2) by TLA on Friday March 13 2015, @12:22AM
ooh, now we're getting meta... too tomatoey for my palate. :)
Excuse me, I think I need to reboot my horse. - NCommander